Hi,
We recently received a Vulnerability that is as below (Liferay 6.2 EE)
When we manupulate custom login portlet URL.
https://www.mycustomlogin/login to https://www.mycustomlogin/image I
get redirected to the Liferay Login portlet which exposes the full URL (https://www.mycustomlogin/inicio?p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin&p_p_id=58&p_p_lifecycle=0&_58_redirect=%2Fimage)
and after this URL can be modified to get access to search
portlet(p_p_id=3). can you help us with the way to change this
behavious as we do not want to expose our control panel login and
search portlet.
I am new to liferay but i tried introducing a custom filter but it
looks request is getting intercepted before request is received by my filter.
Thanks in Advance.
